CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 10 of 16.
- Question #451: Security Principles
Which of the following is NOT a common indicator for side-channel attack?
Side-channel attacks, Attack types, Security vulnerabilities, Cryptography attacks
- Question #452: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
In the event of a disaster, which of the following designates a location to where an organization can relocate and that is fully equipped to resume operations immediately?
Disaster Recovery, Business Continuity, Recovery Sites, Hot Site
- Question #453: Security Principles
Why do organizations classify their information?
Information Classification, Data Security, Access Control, Confidentiality
- Question #454: Access Controls Concepts
What is a PRIMARY consideration when choosing physical access controls?
Physical Security, Access Control, Security Principles, Personnel Safety
- Question #455: Security Principles
How many classifications are typically considered difficult to manage for an organization?
Information Classification, Management Complexity, Security Governance, Organizational Risk
- Question #456: Security Operations
How does ransomware typically enter a system?
Ransomware, Threat Vectors, Phishing, Malware Delivery
- Question #457: Security Operations
In the context of change management, what is a security baseline?
Security Baselines, Change Management, Configuration Management, Security Controls
- Question #458: Access Controls Concepts
The Bell-LaPadula model has a PRIMARY goal to: ()
Bell-LaPadula Model, Access Control Models, Confidentiality
- Question #459: Security Principles
What does the label 'unrestricted public data' mean?
Data classification, Data types, Information security principles, Impact assessment
- Question #460: Security Principles
Which of the following is NOT an ethical canon of the ISC2?
ISC2 Code of Ethics, Professional Ethics, Cybersecurity Principles, Ethical Canons
- Question #461: Access Controls
Which of the following options describes a possible enrollment process in a high-security environment?
Access Control, Identity Management, Biometrics, Authentication
- Question #462: Security Principles
In terms of social engineering tactics, what does 'vishing' refer to?
Social Engineering, Vishing, Cybersecurity Threats, Security Principles
- Question #463: Data Protection and Privacy
What does a Privacy Policy typically stipulate?
Privacy Policy, Data Privacy, PII, Data Protection
- Question #464: Security Principles
What is the purpose of awareness training?
Security Awareness, Awareness Training, Employee Training, Security Policies
- Question #465: Access Controls Concepts
What is the PRIMARY objective of access control?
Access Control, Authorization, Security Principles, Information Security Fundamentals
- Question #466: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
Which of the following is NOT a category of the incident response process?
Incident Response, Incident Handling, Security Operations, Cybersecurity Fundamentals
- Question #467: Security Principles
The first step in the risk management process is:
risk management, risk management process, risk identification, security principles
- Question #468: Security Principles
Members of a data protection team in an organization are typically NOT required to ...: ()
Data Protection Roles, Privacy Compliance, Legal Requirements, Organizational Responsibilities
- Question #469: Access Controls Concepts
What should be the primary consideration when deciding whether to install biometric scanners on all of the organization's doors or only some of them?
Physical Security, Access Control, Risk Management, Security Assessment
- Question #470: Security Principles
In the cybersecurity landscape, what is the definition of a Bug?
Software flaws, Bugs, Application errors, Security terminology
- Question #471: Security Principles
What is the purpose of non-repudiation?
Non-repudiation, Security principles, Accountability, Information security concepts
- Question #472: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What is the primary purpose of a Business Continuity Plan (BCP)?
Business Continuity Plan, Disaster Recovery, Organizational Resilience, Risk Management
- Question #473: Network Security Concepts
In unified cloud storage, which solution can be used to separate access to patient records from administrative data without moving servers into different networks?
VLANs, Network Segmentation, Access Control, Cloud Security
- Question #474: Security Principles
A threat actor is ...:
Threat actors, Cyber threats, Security concepts, Cybersecurity fundamentals
- Question #475: Business Continuity and Disaster Recovery Concepts
In a data center, what do backup generators need to be sized for?
Data Center Operations, Business Continuity, Disaster Recovery, Critical Infrastructure
- Question #476: Network Security Concepts
What is the PRIMARY difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?
IDS/IPS, Network Security, Security Controls
- Question #477: Access Controls Concepts
What type of access control model is based on user clearance and object classification?
Access Control Models, Mandatory Access Control (MAC), Security Concepts
- Question #478: Security Principles
An employee received a suspicious text message with an unfamiliar invoice number and a hyperlink for more information. Which of the following attacks is MOST likely being described...
Smishing, Phishing, Social Engineering, Cybersecurity Threats
- Question #479: Network Security Concepts
Which of the following best illustrates a shortened version of the IPv6 address 2003:0ab8:0000:0000:0000:eeee:0000:0001?
IPv6, IP Addressing, Network Protocols, Address Shortening
- Question #480: Security Principles
What is ensured by an information security policy? ()
Information Security Policy, Security Governance, Management Commitment, Policy Purpose
- Question #481: Access Controls Concepts
What is a disadvantage of password managers? ()
Password Managers, Security Risks, Password Security, Vulnerabilities
- Question #482: Access Controls Concepts
Which of the following statements is related to Discretionary Access Control (DAC)?
Access Control, Discretionary Access Control (DAC), Security Models
- Question #483: Access Controls Concepts
Why might users be uncomfortable when using biometrics as an authentication method?
Biometrics, Authentication methods, Privacy concerns, User perception
- Question #484: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of the following types of data should NOT be collected during an incident response?
Incident Response, Data Collection, Digital Forensics, Privacy
- Question #485: Security Principles
The posting of photographs of confidential documents that contain identifying information of customers and that have been left unattended on a printer is considered to be a breach:
Data Breach, Confidentiality, Information Security Incident, Data Privacy
- Question #486: Network Security Concepts
What are the 'known' ports?
Networking Fundamentals, TCP/UDP Ports, Well-Known Ports, Network Protocols
- Question #487: Security Principles
What best describes the PRIMARY objective of a data retention policy?
Data Retention, Information Governance, Compliance, Security Policies
- Question #488: Security Principles
What can be considered as Personally Identifiable Information (PII)?
PII, Data Privacy, Data Classification
- Question #489: Incident Response, Disaster Recovery, & Business Continuity
In the context of disaster recovery planning, what does RTO stand for?
Disaster Recovery, RTO, Business Continuity Planning, Recovery Metrics
- Question #490: Security Principles
What is the PRIMARY difference between qualitative and quantitative risk analysis?
Risk Analysis, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Management
- Question #491: Security Principles
Which is the PRIMARY objective of the principle of segregation of duties?
Segregation of Duties, Security Principles, Administrative Controls, Risk Management
- Question #492: Security Principles
In the context of information security, what is a definition for 'control'?
Information Security Controls, Security Concepts, CIA Triad, Safeguards
- Question #493: Security Principles
What is the PRIMARY objective of Crime Prevention through Environmental Design (CPTED)?
CPTED, Physical Security, Environmental Design, Crime Prevention
- Question #494: Security Operations
The latest anti-malware solutions have expanded their detection capabilities to include more than just viruses. Which of the following is NOT typically detected by modern anti-malw...
Anti-malware, Malware types, APT (Advanced Persistent Threat), Security controls
- Question #495: Security Principles
Which of the following statements is TRUE regarding digital certificates?
Digital Certificates, PKI, Authenticity, Identity Verification
- Question #496: Security Principles
Which of the following can be considered an administrative control in a data center?
Administrative controls, Security controls, Data center security, Access control policy
- Question #497: Security Operations
In change management, what is the meaning of baseline identification?
Change Management, Configuration Management, Security Baselines, Asset Identification
- Question #498: Network Security Concepts
Which of the following cloud models allows organizations to integrate their existing on-premises networks?
Cloud Models, Hybrid Cloud, Network Integration, Cloud Computing
- Question #499: Security Principles
Which canon of the ISC2 Code of Ethics is specifically designed to prioritize the welfare and trust of the broader public?
ISC2 Code of Ethics, Professional Ethics, Public Trust, Cybersecurity Principles
- Question #500: Security Principles
What is the definition of availability?
Availability, CIA Triad, Information Security Principles, Security Concepts